proposal: crypto/x509: make CertPool.contains public #39179

@stephen-fox

What version of Go are you using (go version)?

$ go version
go version go1.13.7 darwin/amd64

Does this issue reproduce with the latest release?

Yes. The x509.CertPool related source code in release-branch.go1.14 does not appear to have changed, and is not public.

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE=""
GOENV=""
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GONOPROXY=""
GONOSUMDB=""
GOOS="darwin"
GOPATH="go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/opt/pkg/go113"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/opt/pkg/go113/pkg/tool/darwin_amd64"
GCCGO="gccgo"
AR="ar"
CC="clang"
CXX="clang++"
CGO_ENABLED="1"
GOMOD=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/var/folders/zz/l8crt7256_vfh01b32jqp7yc0000gn/T/go-build669682046=/tmp/go-build -gno-record-gcc-switches -fno-common"

What did you do?

Searched the go source code for alternative paths to CertPool.contains(). I have not found an alternative yet.

What did you expect to see?

A public equivalent to CertPool.contains(), or another code path that accesses the method by taking a CertPool as input (e.g., x509.IsCertIn(*Certificate, *CertPool) bool).

What did you see instead?

There does not appear to be any public code to determine if a CertPool contains a given certificate.

Notes

I would like to make x509.CertPool.contains() public. Before submitting any changes, I figured I would ask :) I do not see any (obvious) reasons why it would be kept private in the source code, or in git blame.

Thank you for reading.

  • Stephen
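
One way to work around the gap described in this issue, as an added example that is not part of the original post or of the Go project's code: wrap the pool and record a fingerprint of each certificate as it is added. `TrackedPool`, `NewTrackedPool` and `selfSigned` are hypothetical names, and the two demo certificates are constructed sample input.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
)

// TrackedPool (hypothetical name) records a SHA-256 of every certificate it adds to Pool.
type TrackedPool struct {
	Pool *x509.CertPool
	seen map[[sha256.Size]byte]bool
}
func NewTrackedPool() *TrackedPool { return &TrackedPool{x509.NewCertPool(), map[[sha256.Size]byte]bool{}} }

// AddCert must be the only path into Pool: anything added to Pool directly is invisible to Contains.
func (t *TrackedPool) AddCert(c *x509.Certificate) {
	t.seen[sha256.Sum256(c.Raw)] = true
	t.Pool.AddCert(c)
}

// Contains matches the exact DER encoding, so a same-subject look-alike is not a hit.
func (t *TrackedPool) Contains(c *x509.Certificate) bool { return t.seen[sha256.Sum256(c.Raw)] }

// selfSigned builds constructed sample input: a throwaway cert keyed from keyLabel (demo only, no validity set).
func selfSigned(cn, keyLabel string) (*x509.Certificate, error) {
	seed := sha256.Sum256([]byte(keyLabel))
	priv := ed25519.NewKeyFromSeed(seed[:])
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn}}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, priv.Public(), priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	a, errA := selfSigned("demo CA", "key-a")
	b, errB := selfSigned("demo CA", "key-b") // same subject as a, different key
	if errA != nil || errB != nil {
		panic("certificate generation failed")
	}
	p := NewTrackedPool()
	p.AddCert(a)
	fmt.Println(p.Contains(a), p.Contains(b))
}
```

Pass `p.Pool` wherever a `*x509.CertPool` is expected, for example as `RootCAs` in a `tls.Config`.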


Labels: Proposal, Proposal-Crypto (Proposal related to crypto packages or other security issues)
